“1. Use a VPN”
lol, AND HOW DID you PAY for the VPN?? By Credit card. So they know who you are.
The real issue is what is your threat model? Understanding what threat you are trying to stop or prevent leads to the best practices. If you are trying to stop the fiveeyes, paying for a VPN with a credit card is probably not a good idea. If you are trying to maintain some modicum of
Privacy and slow down the google/Facebook corporate surveillance, then a decent VPN like Proton should work just fine, even paying with the credit card. Proton doesn’t sell users into to 3rd parties.
If people are worried about google/fb/ms going through their emails, then Switching to protonmail (or tutanota) helps to keep your mail more secure.
Again though, it really depends on what the threat model is and what you are trying to stop.